CVE-2026-12104

Summary

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-side scripts.

Affected Software

VendorProductVersion RangeStatus
SIMA GmbHBondix Server0 <= 1.25.7.5affected
SIMA GmbHBondix Server1.25.7.6unaffected

Weaknesses

  • CWE-78: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References